CureZone
If you NEED to go into DOS mode, be VERY careful of what you delete, make copies before you delete and RESTORE POINTS.
 
been there done that Views: 2,285
Published: 18 y
 
This is a reply to # 731,653


XP might not have the abilities that 98 has about DOS (maybe press F8 when you boot?). Just to give you an idea, DOS can search the whole hard drive for the name of a file (even a partial name using wildcards) and transfer the output of its search to any file you will want to read later (using a REDIRECT > command).

This is a post I wrote months ago.
---------------


If you go into DOS by RESTARTING IN DOS MODE (not by choosing the MS-DOS prompt from the 'Programs' menu; Windows will still be running and using the files you want to delete), then you will be able to delete files.

When you get into DOS mode, the screen shows this:
C:\Windows
(even though it says "Windows", the computer is in DOS mode).



Next, you want to leave the Windows directory and enter the root (main) directory: press CD.. (that's CD period period), then press ENTER.

That's done because you are going to enter a command to search the WHOLE hard drive, instead of just searching the Windows directory alone for the rogue files that are carrying out operations unknown to you.

(Later on, you can look at these files with the TYPE command. I only capitalize for emphasis; DOS is never case sensitive unless specified. Since TYPE is a command, I will use the word 'Press' in my explanations of DOS.)

Now that you are in the root directory, press
DIR index.dat /a /s > roguefiles (then hit enter and wait a minute while it searches).

This command asks for the directory listing of the file (index.dat) that keeps track of every place you go and redirects you to porn/bogus sites (it asks for the listing regardless of whether it has the hidden, read only, archived or system attributes; the /s means 'all subdirectories'), and then it will send all of the results to the file that is listed after the > symbol.
Review the file by pressing TYPE index.dat | MORE (then hit enter).
(The PIPE command is the 2 dots, one on top of the other, usually found at the uppercase backslash key (\).)

REMEMBER, you don't have to capitalize.
The reason for not using the TYPE command by itself (| MORE is a PIPE command) is that it is a large file and will scroll right by you unless you add that pipe.

Other files for possible deletion are
fixiel.* (the asterisk is a wildcard, it means->search for the filename no matter what extension).
dstart1.exe
dstart51.exe
dstart52.exe
dc86.exe
gensetup.*
exploit.*
dload.exe
startpage-du.dll.dr
Some files that I looked for were probably erased by my a/v software, but I'll mention some other names that you should watch for:
mhtredir.gen
Coolwebsearch
TIBS
Some of these names I mentioned might be different on your computer and some, like the last three, might just be the name of a trojan instead of the name of a file.
You can also use the FIND function on the Windows main menu in order to view the files that were CREATED on your hard drive since you got the virus. You'll only be able to delete some, because you will be in Windows and using the files you want to delete, but you can collect the names of the files for DOS.



Whenever you need to change the attributes of a file in DOS (for deletion), use the ATTRIB command this way:
ATTRIB (name and extension of file) - (minus sign) h (to remove the hidden attribute).
ATTRIB file + (plus sign) h (to add the hidden attribute).


But make copies of each file and its location before you delete. When you are sure, I'll tell you how to delete.
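
The search-and-copy step described in the post above (find the named files across the whole drive, record where each one is, and copy it before anything is deleted), as an added example that is not part of the original post. It assumes Python 3 run against a mounted copy of the drive; `inventory`, `demo` and the quarantine folder are hypothetical names, and the sample tree is constructed.

```python
import fnmatch, hashlib, os, shutil, tempfile

# File names listed in the post; matched case-insensitively, as DOS does.
PATTERNS = ["index.dat", "fixiel.*", "dstart1.exe", "dstart51.exe",
            "dstart52.exe", "dc86.exe", "gensetup.*", "exploit.*",
            "dload.exe", "startpage-du.dll.dr"]

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def inventory(root, quarantine, patterns=PATTERNS):
    """Walk root, copy every matching file into quarantine (keeping its
    relative location) and return rows of (relative path, size, sha256)."""
    root = os.path.abspath(root)
    quarantine = os.path.abspath(quarantine)
    os.makedirs(quarantine, exist_ok=True)
    rows = []
    for folder, dirs, files in os.walk(root):
        # Never descend into the quarantine folder itself.
        dirs[:] = [d for d in dirs if os.path.join(folder, d) != quarantine]
        for name in files:
            if not any(fnmatch.fnmatchcase(name.lower(), p) for p in patterns):
                continue
            src = os.path.join(folder, name)
            rel = os.path.relpath(src, root)
            dst = os.path.join(quarantine, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copy first; nothing is deleted here
            rows.append((rel, os.path.getsize(src), sha256_of(src)))
    rows.sort()
    # Same idea as the "> roguefiles" redirect: keep the listing for later review.
    with open(os.path.join(quarantine, "roguefiles.txt"), "w") as out:
        for rel, size, digest in rows:
            out.write(f"{digest}  {size:>10}  {rel}\n")
    return rows

def demo():
    """Constructed sample tree standing in for a mounted copy of the drive."""
    base = tempfile.mkdtemp()
    drive = os.path.join(base, "drive")
    for rel in ["WINDOWS/History/INDEX.DAT", "WINDOWS/DSTART1.EXE",
                "WINDOWS/notepad.exe", "TEMP/gensetup.tmp"]:
        path = os.path.join(drive, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(rel.encode())
    return inventory(drive, os.path.join(base, "quarantine")), base
```

The listing in `roguefiles.txt` gives a hash and original location for every copied file, so a deletion can be checked or reversed afterwards.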

 

 